Alert icon Keyboard navigation enabled.
Alert icon TAB or Shift+TAB to navigate across. Down ↓ to open menu. ESC to close menu.
Alert icon Down ↓ to select section. Right → to activate. Up ↑ / Down ↓ / Tab to traverse all. ESC to exit.
BeyondTrust
Skip to content Use space or enter to skip.

What can we help you find today?

Instant Results
  • Website Results
  • Technical Documentation

Filter Options

Focus your search

Filtering by

Your recent searches:

Contact Us Chat with Sales Get Support
  • English
  • Deutsch
  • français
  • español
  • 한국어
  • português
  • Home
  • Resources
  • Blog
  • January 2020 Patch Tuesday current page
Link copied

January 2020 Patch Tuesday

Jan 14, 2020
Author:
400x400 Linkedin X Profile
Phantom Labs™
BeyondTrust
Blog banner default
January 2020 Patch Tuesday
400x400 Linkedin X Profile
Phantom Labs™
BeyondTrust

Welcome to the first Patch Tuesday of the new decade! Already, we have some interesting controversy. The NSA has reported a vulnerability to Microsoft that allows for cryptographic spoofing of both local and remote certificates. This vulnerability has not been exploited in the wild, but it was discussed and teased by Krebs on Security leading up to this Patch Tuesday.

In total, there have been 49 bugs fixed this Patch Tuesday.

CryptoAPI

This bug is considered as bad as it gets, allowing a threat actor to fake file signatures and launch man-in-the-middle attacks on encrypted HTTPS communications. An attacker exploiting this vulnerability would be able to execute code remotely that the user believes is safely signed by a trusted source, or intercept protected information online. Microsoft rates this vulnerability as Important, and likely to be exploited. The NSA claims that the vulnerability is critical, and that remote exploit software will be easy to produce and made widely available in the near future. Administrators should patch their systems immediately, as there is no known mitigation for this vulnerability.

Windows Remote Desktop Gateway

While the NSA’s bug has taken the spotlight, it does not mean it is the only serious bug this month. Two flaws in Windows RDP could allow for a remote user without credentials to take over a vulnerable host server by initiating an RDP connection with maliciously crafted packets, requiring no interaction from the user. Microsoft rates these vulnerabilities as Critical.

Internet Explorer

Microsoft’s first browser, Internet Explorer, got the usual touchup treatment for Patch Tuesday. The browser was vulnerable to a memory corruption vulnerability that, if exploited, would allow for a remote attacker to execute arbitrary code within the context of the current user. The attacker would have to lure a vulnerable victim to a maliciously crafted site, or a site with malicious content displayed on it. Microsoft rates this vulnerability as Critical.

Microsoft Excel

Microsoft Excel is vulnerable to a remote code execution bug that executes code with the security context of the current user. As usual, exercising the principle of least privilege is the best way to protect yourself from vulnerabilities of this type. Microsoft rates this vulnerability as Critical

Latest Posts
  • Hooked on Identity (Part 2): Abusing OAuth Trust Boundaries in Okta
    Jun 12, 2026 Hooked on Identity (Part 2): Abusing OAuth Trust Boundaries in Okta
    Blog
    7m
  • Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
    Jun 9, 2026 Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
    Blog
    6m
  • Joining Project Glasswing: Securing the Privilege Backbone of the AI Era
    Jun 8, 2026 Joining Project Glasswing: Securing the Privilege Backbone of the AI Era
    Blog
    5m
  • The Most Common & Most Dangerous Types of Shadow IT
    Jun 5, 2026 The Most Common & Most Dangerous Types of Shadow IT
    Blog
    19m
  • 14 Password Management Best Practices
    May 28, 2026 14 Password Management Best Practices
    Blog
    12m
Related
  • Cloud Integration: Okta + PowerBroker for Unix & Linux for Authorization and Command Control
    Aug 2, 2018 Cloud Integration: Okta + PowerBroker for Unix & Linux for Authorization and Command Control
    Blog
    1m
  • Channelling Our Talent: BeyondTrust Champions Scoop Two Awards
    Nov 25, 2020 Channelling Our Talent: BeyondTrust Champions Scoop Two Awards
    Blog
    1m
Share this Article
  • Link
Stay up to Date
Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

Keep up with BeyondTrust

Customer Support Get Started
  • LinkedIn
  • X
  • Facebook
  • Instagram
  • Add BeyondTrust as a preferred source on Google
  • Privacy
  • Security
  • Manage Cookies
  • Do Not Sell My Data
  • WEEE Compliance

Copyright © 2003 — 2026 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Prefers reduced motion setting detected. Animations will now be reduced as a result.